Djam/openssl1.1
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/openssl1.1.git synced 2025-02-23 08:02:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update from 1.0 to 1.1.1g:

Browse source 
- new major version
- dropped compat libs, seems that there is no more need to be compatible with Red Hat naming (not sure, TODO: check it)
- unified %%docs to easify reading diffs of them
- dropped all patches the aim of which ones is not clear to me and there is not description
- trying to be buildable on e2k for future
- dropped requirements of GOST engine to eventually break this dependency loop, we can preinstall gost-engine where needed by other ways
- GOST engine is no more built here in OpenSSL
- replaced removing of some manuals with renaming them
- now shipping HTML docs (mans)
- switched to upstream location of engines (it now has %%major in it and is OK for us)
- moved everything from /lib to /usr/lib as preparation for merging everything into /usr
- sorted all configure options to improve readability of diffs in the future
- introduced new macros alike LibreSSL package
- added macro %%openssl_engines_dir for reusing in e.g. openssl-gost-engine
- added symlink openssl1.1 -> openssl, because I am thinking of keeping /usr/bin/openssl1.0
  in the openssl1.0 compat package, so adding a similar symlink here for consistency
- explicit file provide /usr/bin/openssl is not needed because it is put automatically by RPM 4
- versionized some provides
- TODO: 2 tests fail for now... Maybe Perl is broken?

Based on:
- 3591a33115
- ALT Linux spec https://packages.altlinux.org/ru/sisyphus/specfiles/openssl1.1
- OpenMandriva spec https://github.com/OpenMandrivaAssociation/openssl/blob/93f1264/openssl.spec
This commit is contained in:
Mikhail Novosyolov 2020-04-22 23:11:52 +03:00
parent b1e6ee8c1e
commit 7539bee3cf
15 changed files with 141 additions and 1860 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.abf.yml
View file

@ -1,3 +1,2 @@
sources:
openssl-1.0.2u.tar.gz: 740916d79ab0d209d2775277b1c6c3ec2f6502b2
openssl-1.0.2u.tar.gz.asc: 744624933632f6fa2c16ed0093468e276ce68988
openssl-1.1.1g.tar.gz: b213a293f2127ec3e323fb3cfc0c9807664fd997

11
openssl-0.9.8a-no-rpath.patch
View file

@ -1,11 +0,0 @@
--- openssl-0.9.8a/Makefile.shared.no-rpath 2005-06-23 22:47:54.000000000 +0200
+++ openssl-0.9.8a/Makefile.shared 2005-11-16 22:35:37.000000000 +0100
@@ -153,7 +153,7 @@
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
#This is rather special. It's a special target with which one can link
#applications without bothering with any features that have anything to

19
openssl-1.0.1c-fix-perlpath.pl
View file

@ -1,19 +0,0 @@
--- openssl-1.0.1c/util/perlpath.pl~ 1999-03-10 20:57:05.000000000 +0100
+++ openssl-1.0.1c/util/perlpath.pl 2012-12-28 15:31:20.357657353 +0100
@@ -1,13 +1,13 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
#
# modify the '#!/usr/local/bin/perl'
# line in all scripts that rely on perl.
#
-require "find.pl";
+use File::Find;
$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
-&find(".");
+find(\&wanted, ".");
sub wanted
{

379
openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch
View file

@ -1,379 +0,0 @@
From dcca4a0281beea3deb5523b94f011a236e5b7a0d Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Sat, 28 Dec 2019 19:28:09 +0300
Subject: [PATCH] Backport GOST 2015 identificators and GOST OIDs for Edwards
parameter sets
Backport of upstream commits to openssl-1.0.2t:
* 3b5e5172007d5eb30cec4269a0f763c9632afd06 "Add GOST OIDs for Edwards parameter sets" by Sergey Zhuravlev <babun2000@mail.ru>
* 55fc247a699be33153f27c06d304e6e60eeff980 "New GOST identificators" by Dmitry Belyavskiy <beldmit@gmail.com>
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
---
crypto/objects/obj_dat.h | 113 +++++++++++++++++++++++++++++++++++--
crypto/objects/obj_mac.h | 93 ++++++++++++++++++++++++++++++
crypto/objects/obj_mac.num | 23 ++++++++
crypto/objects/objects.txt | 26 +++++++++
4 files changed, 250 insertions(+), 5 deletions(-)
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 641cd8e9d2..521a843ae6 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 1000
-#define NUM_SN 993
-#define NUM_LN 993
-#define NUM_OBJ 921
+#define NUM_NID 1023
+#define NUM_SN 1016
+#define NUM_LN 1016
+#define NUM_OBJ 938
-static const unsigned char lvalues[6485]={
+static const unsigned char lvalues[6631]={
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -983,6 +983,23 @@ static const unsigned char lvalues[6485]={
0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [6466] OBJ_INN */
0x2A,0x85,0x03,0x64,0x01, /* [6474] OBJ_OGRN */
0x2A,0x85,0x03,0x64,0x03, /* [6479] OBJ_SNILS */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01, /* [ 7625] OBJ_id_tc26_cipher_gostr3412_2015_magma */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01, /* [ 7633] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02, /* [ 7642] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02, /* [ 7651] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01, /* [ 7659] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02, /* [ 7668] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07, /* [ 7677] OBJ_id_tc26_wrap */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01, /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02, /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02, /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03, /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01, /* [ 7341] OBJ_id_tc26_gost_3410_2012_256_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01, /* [ 7349] OBJ_id_tc26_gost_3410_2012_256_paramSetA */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03, /* [ 7358] OBJ_id_tc26_gost_3410_2012_512_paramSetC */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2620,6 +2637,29 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
{"grasshopper-cbc","grasshopper-cbc",NID_grasshopper_cbc,0,NULL,0},
{"grasshopper-cfb","grasshopper-cfb",NID_grasshopper_cfb,0,NULL,0},
{"grasshopper-mac","grasshopper-mac",NID_grasshopper_mac,0,NULL,0},
+{"id-tc26-cipher-gostr3412-2015-magma", "id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma, 8, &so[7625]},
+{"id-tc26-cipher-gostr3412-2015-magma-ctracpkm", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm, 9, &so[7633]},
+{"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 9, &so[7642]},
+{"id-tc26-cipher-gostr3412-2015-kuznyechik", "id-tc26-cipher-gostr3412-2015-kuznyechik", NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]},
+{"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 9, &so[7659]},
+{"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 9, &so[7668]},
+{"id-tc26-wrap", "id-tc26-wrap", NID_id_tc26_wrap, 7, &so[7677]},
+{"id-tc26-wrap-gostr3412-2015-magma", "id-tc26-wrap-gostr3412-2015-magma", NID_id_tc26_wrap_gostr3412_2015_magma, 8, &so[7684]},
+{"id-tc26-wrap-gostr3412-2015-magma-kexp15", "id-tc26-wrap-gostr3412-2015-magma-kexp15", NID_id_tc26_wrap_gostr3412_2015_magma_kexp15, 9, &so[7692]},
+{"id-tc26-wrap-gostr3412-2015-kuznyechik", "id-tc26-wrap-gostr3412-2015-kuznyechik", NID_id_tc26_wrap_gostr3412_2015_kuznyechik, 8, &so[7701]},
+{"id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15, 9, &so[7709]},
+{"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit) ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7358]},
+{"id-tc26-gost-3410-2012-256-constants", "id-tc26-gost-3410-2012-256-constants", NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7341]},
+{"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit) ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7349]},
+{"id-tc26-gost-3410-2012-256-paramSetB", "GOST R 34.10-2012 (256 bit) ParamSet B", NID_id_tc26_gost_3410_2012_256_paramSetB, 9, &so[7718]},
+{"id-tc26-gost-3410-2012-256-paramSetC", "GOST R 34.10-2012 (256 bit) ParamSet C", NID_id_tc26_gost_3410_2012_256_paramSetC, 9, &so[7727]},
+{"id-tc26-gost-3410-2012-256-paramSetD", "GOST R 34.10-2012 (256 bit) ParamSet D", NID_id_tc26_gost_3410_2012_256_paramSetD, 9, &so[7736]},
+{"magma-ecb", "magma-ecb", NID_magma_ecb},
+{"magma-ctr", "magma-ctr", NID_magma_ctr},
+{"magma-ofb", "magma-ofb", NID_magma_ofb},
+{"magma-cbc", "magma-cbc", NID_magma_cbc},
+{"magma-cfb", "magma-cfb", NID_magma_cfb},
+{"magma-mac", "magma-mac", NID_magma_mac},
};
static const unsigned int sn_objs[NUM_SN]={
@@ -3616,6 +3656,29 @@ static const unsigned int sn_objs[NUM_SN]={
503, /* "x500UniqueIdentifier" */
158, /* "x509Certificate" */
160, /* "x509Crl" */
+1147, /* "id-tc26-gost-3410-2012-256-constants" */
+1148, /* "id-tc26-gost-3410-2012-256-paramSetA" */
+1149, /* "id-tc26-gost-3410-2012-512-paramSetC" */
+1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+1177, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+1178, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+1173, /* "id-tc26-cipher-gostr3412-2015-magma" */
+1174, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+1175, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
+1184, /* "id-tc26-gost-3410-2012-256-paramSetB" */
+1185, /* "id-tc26-gost-3410-2012-256-paramSetC" */
+1186, /* "id-tc26-gost-3410-2012-256-paramSetD" */
+1179, /* "id-tc26-wrap" */
+1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+1183, /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+1180, /* "id-tc26-wrap-gostr3412-2015-magma" */
+1181, /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
+1190, /* "magma-cbc" */
+1191, /* "magma-cfb" */
+1188, /* "magma-ctr" */
+1187, /* "magma-ecb" */
+1192, /* "magma-mac" */
+1189, /* "magma-ofb" */
};
static const unsigned int ln_objs[NUM_LN]={
@@ -4612,6 +4675,29 @@ static const unsigned int ln_objs[NUM_LN]={
158, /* "x509Certificate" */
160, /* "x509Crl" */
125, /* "zlib compression" */
+1147, /* "id-tc26-gost-3410-2012-256-constants" */
+1148, /* "id-tc26-gost-3410-2012-256-paramSetA" */
+1149, /* "id-tc26-gost-3410-2012-512-paramSetC" */
+1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+1177, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+1178, /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+1173, /* "id-tc26-cipher-gostr3412-2015-magma" */
+1174, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+1175, /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
+1184, /* "id-tc26-gost-3410-2012-256-paramSetB" */
+1185, /* "id-tc26-gost-3410-2012-256-paramSetC" */
+1186, /* "id-tc26-gost-3410-2012-256-paramSetD" */
+1179, /* "id-tc26-wrap" */
+1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+1183, /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+1180, /* "id-tc26-wrap-gostr3412-2015-magma" */
+1181, /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
+1190, /* "magma-cbc" */
+1191, /* "magma-cfb" */
+1188, /* "magma-ctr" */
+1187, /* "magma-ecb" */
+1192, /* "magma-mac" */
+1189, /* "magma-ofb" */
};
static const unsigned int obj_objs[NUM_OBJ]={
@@ -5536,5 +5622,22 @@ static const unsigned int obj_objs[NUM_OBJ]={
955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */
956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */
+1179, /* OBJ_id_tc26_wrap 1 2 643 7 1 1 7 */
+1173, /* OBJ_id_tc26_cipher_gostr3412_2015_magma 1 2 643 7 1 1 5 1 */
+1176, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik 1 2 643 7 1 1 5 2 */
+1180, /* OBJ_id_tc26_wrap_gostr3412_2015_magma 1 2 643 7 1 1 7 1 */
+1182, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik 1 2 643 7 1 1 7 2 */
+1174, /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1 2 643 7 1 1 5 1 1 */
+1175, /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1 2 643 7 1 1 5 1 2 */
+1177, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */
+1178, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */
+1181, /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */
+1183, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 1 1 */
+1184, /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */
+1185, /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */
+1186, /* OBJ_id_tc26_gost_3410_2012_256_paramSetD 1 2 643 7 1 2 1 1 4 */
+1147, /* OBJ_id_tc26_gost_3410_2012_256_constants 1 2 643 7 1 2 1 1 */
+1148, /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */
+1149, /* OBJ_id_tc26_gost_3410_2012_512_paramSetC 1 2 643 7 1 2 1 2 3 */
};
diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
index 430e14a244..a871bb0c7e 100644
--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -4364,3 +4364,96 @@
#define LN_jurisdictionCountryName "jurisdictionCountryName"
#define NID_jurisdictionCountryName 957
#define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma "id-tc26-cipher-gostr3412-2015-magma"
+#define NID_id_tc26_cipher_gostr3412_2015_magma 1173
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma OBJ_id_tc26_cipher,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm "id-tc26-cipher-gostr3412-2015-magma-ctracpkm"
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac"
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_magma,2L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik "id-tc26-cipher-gostr3412-2015-kuznyechik"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik 1176
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik OBJ_id_tc26_cipher,2L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L
+
+#define SN_id_tc26_wrap "id-tc26-wrap"
+#define NID_id_tc26_wrap 1179
+#define OBJ_id_tc26_wrap OBJ_id_tc26_algorithms,7L
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma "id-tc26-wrap-gostr3412-2015-magma"
+#define NID_id_tc26_wrap_gostr3412_2015_magma 1180
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma OBJ_id_tc26_wrap,1L
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 "id-tc26-wrap-gostr3412-2015-magma-kexp15"
+#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 1181
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik "id-tc26-wrap-gostr3412-2015-kuznyechik"
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik 1182
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik OBJ_id_tc26_wrap,2L
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15"
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_id_tc26_wrap_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetB "id-tc26-gost-3410-2012-256-paramSetB"
+#define LN_id_tc26_gost_3410_2012_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_256_paramSetB 1184
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetB OBJ_id_tc26_gost_3410_2012_256_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetC "id-tc26-gost-3410-2012-256-paramSetC"
+#define LN_id_tc26_gost_3410_2012_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C"
+#define NID_id_tc26_gost_3410_2012_256_paramSetC 1185
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetC OBJ_id_tc26_gost_3410_2012_256_constants,3L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetD "id-tc26-gost-3410-2012-256-paramSetD"
+#define LN_id_tc26_gost_3410_2012_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D"
+#define NID_id_tc26_gost_3410_2012_256_paramSetD 1186
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetD OBJ_id_tc26_gost_3410_2012_256_constants,4L
+
+#define SN_magma_ecb "magma-ecb"
+#define NID_magma_ecb 1187
+
+#define SN_magma_ctr "magma-ctr"
+#define NID_magma_ctr 1188
+
+#define SN_magma_ofb "magma-ofb"
+#define NID_magma_ofb 1189
+
+#define SN_magma_cbc "magma-cbc"
+#define NID_magma_cbc 1190
+
+#define SN_magma_cfb "magma-cfb"
+#define NID_magma_cfb 1191
+
+#define SN_magma_mac "magma-mac"
+#define NID_magma_mac 1192
+
+#define SN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants"
+#define LN_id_tc26_gost_3410_2012_256_constants "id-tc26-gost-3410-2012-256-constants"
+#define NID_id_tc26_gost_3410_2012_256_constants 1147
+#define OBJ_id_tc26_gost_3410_2012_256_constants OBJ_id_tc26_sign_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetA "id-tc26-gost-3410-2012-256-paramSetA"
+#define LN_id_tc26_gost_3410_2012_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_256_paramSetA 1148
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetA OBJ_id_tc26_gost_3410_2012_256_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetC "id-tc26-gost-3410-2012-512-paramSetC"
+#define LN_id_tc26_gost_3410_2012_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C"
+#define NID_id_tc26_gost_3410_2012_512_paramSetC 1149
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetC OBJ_id_tc26_gost_3410_2012_512_constants,3L
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index e5f2eaeb6e..3a5af05f6e 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -977,10 +977,13 @@ id_tc26_agreement_gost_3410_2012_256 976
id_tc26_agreement_gost_3410_2012_512 977
id_tc26_constants 978
id_tc26_sign_constants 979
+id_tc26_gost_3410_2012_256_constants 1147
+id_tc26_gost_3410_2012_256_paramSetA 1148
id_tc26_gost_3410_2012_512_constants 980
id_tc26_gost_3410_2012_512_paramSetTest 981
id_tc26_gost_3410_2012_512_paramSetA 982
id_tc26_gost_3410_2012_512_paramSetB 983
+id_tc26_gost_3410_2012_512_paramSetC 1149
id_tc26_digest_constants 984
id_tc26_cipher_constants 985
id_tc26_gost_28147_constants 986
@@ -997,3 +1000,23 @@ grasshopper_ofb 996
grasshopper_cbc 997
grasshopper_cfb 998
grasshopper_mac 999
+id_tc26_cipher_gostr3412_2015_magma 1173
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1174
+id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1175
+id_tc26_cipher_gostr3412_2015_kuznyechik 1176
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1177
+id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1178
+id_tc26_wrap 1179
+id_tc26_wrap_gostr3412_2015_magma 1180
+id_tc26_wrap_gostr3412_2015_magma_kexp15 1181
+id_tc26_wrap_gostr3412_2015_kuznyechik 1182
+id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1183
+id_tc26_gost_3410_2012_256_paramSetB 1184
+id_tc26_gost_3410_2012_256_paramSetC 1185
+id_tc26_gost_3410_2012_256_paramSetD 1186
+magma_ecb 1187
+magma_ctr 1188
+magma_ofb 1189
+magma_cbc 1190
+magma_cfb 1191
+magma_mac 1192
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 31286b176a..7b400c9842 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1259,18 +1259,36 @@ id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
id-tc26-algorithms 5 : id-tc26-cipher
+id-tc26-cipher 1 : id-tc26-cipher-gostr3412-2015-magma
+id-tc26-cipher-gostr3412-2015-magma 1 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm
+id-tc26-cipher-gostr3412-2015-magma 2 : id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac
+id-tc26-cipher 2 : id-tc26-cipher-gostr3412-2015-kuznyechik
+id-tc26-cipher-gostr3412-2015-kuznyechik 1 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm
+id-tc26-cipher-gostr3412-2015-kuznyechik 2 : id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac
id-tc26-algorithms 6 : id-tc26-agreement
id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256
id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512
+id-tc26-algorithms 7 : id-tc26-wrap
+id-tc26-wrap 1 : id-tc26-wrap-gostr3412-2015-magma
+id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-magma-kexp15
+id-tc26-wrap 2 : id-tc26-wrap-gostr3412-2015-kuznyechik
+id-tc26-wrap-gostr3412-2015-magma 1 : id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15
+
id-tc26 2 : id-tc26-constants
id-tc26-constants 1 : id-tc26-sign-constants
+id-tc26-sign-constants 1: id-tc26-gost-3410-2012-256-constants
id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
+id-tc26-gost-3410-2012-256-constants 1 : id-tc26-gost-3410-2012-256-paramSetA: GOST R 34.10-2012 (256 bit) ParamSet A
+id-tc26-gost-3410-2012-256-constants 2 : id-tc26-gost-3410-2012-256-paramSetB: GOST R 34.10-2012 (256 bit) ParamSet B
+id-tc26-gost-3410-2012-256-constants 3 : id-tc26-gost-3410-2012-256-paramSetC: GOST R 34.10-2012 (256 bit) ParamSet C
+id-tc26-gost-3410-2012-256-constants 4 : id-tc26-gost-3410-2012-256-paramSetD: GOST R 34.10-2012 (256 bit) ParamSet D
id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+id-tc26-gost-3410-2012-512-constants 3 : id-tc26-gost-3410-2012-512-paramSetC: GOST R 34.10-2012 (512 bit) ParamSet C
id-tc26-constants 2 : id-tc26-digest-constants
id-tc26-constants 5 : id-tc26-cipher-constants
@@ -1289,6 +1307,14 @@ member-body 643 100 3 : SNILS : SNILS
: grasshopper-cfb
: grasshopper-mac
+#GOST R34.13-2015 Magma
+ : magma-ecb
+ : magma-ctr
+ : magma-ofb
+ : magma-cbc
+ : magma-cfb
+ : magma-mac
+
# Definitions for Camellia cipher - CBC MODE
1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
--
2.20.1

45
openssl-1.0.2-add-engines.patch
View file

@ -1,45 +0,0 @@
--- openssl-1.0.2/apps/version.c.version-add-engines 2015-01-25 13:46:17.556753160 +0100
+++ openssl-1.0.2/apps/version.c 2015-01-25 13:55:16.310634385 +0100
@@ -131,6 +131,7 @@
#ifndef OPENSSL_NO_BF
# include <openssl/blowfish.h>
#endif
+#include <openssl/engine.h>
#undef PROG
#define PROG version_main
@@ -140,7 +141,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv)
{
int i, ret = 0;
- int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0, engines = 0;
apps_startup();
@@ -164,7 +165,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(argv[i], "-d") == 0)
dir = 1;
else if (strcmp(argv[i], "-a") == 0)
- date = version = cflags = options = platform = dir = 1;
+ date = version = cflags = options = platform = dir = engines = 1;
else {
BIO_printf(bio_err, "usage:version -[avbofpd]\n");
ret = 1;
@@ -208,6 +209,16 @@ int MAIN(int argc, char **argv)
printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
if (dir)
printf("%s\n", SSLeay_version(SSLEAY_DIR));
+ if (engines) {
+ ENGINE *e;
+ printf("engines: ");
+ e = ENGINE_get_first();
+ while(e) {
+ printf("%s ", ENGINE_get_id(e));
+ e = ENGINE_get_next(e);
+ }
+ printf("\n");
+ }
end:
apps_shutdown();
OPENSSL_EXIT(ret);

32
openssl-1.0.2-defaults.patch
View file

@ -1,32 +0,0 @@
--- openssl-1.0.2/apps/openssl.cnf.defaults 2015-01-22 15:58:06.000000000 +0100
+++ openssl-1.0.2/apps/openssl.cnf 2015-01-25 11:27:18.561475929 +0100
@@ -104,6 +104,7 @@ emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
+default_md = sha1
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
@@ -126,17 +127,18 @@ string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
-countryName_default = AU
+countryName_default = XX
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
+stateOrProvinceName_default = Default Province
localityName = Locality Name (eg, city)
+localityName_default = Default City
0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
+0.organizationName_default = Default Company Ltd
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)

50
openssl-1.0.2-enginesdir.patch
View file

@ -1,50 +0,0 @@
--- openssl-1.0.2/Configure.engines 2015-01-25 13:56:48.037706400 +0100
+++ openssl-1.0.2/Configure 2015-01-25 13:56:48.038706401 +0100
@@ -710,6 +710,7 @@ my $idx_multilib = $idx++;
my $prefix="";
my $libdir="";
my $openssldir="";
+my $enginesdir="";
my $exe_ext="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
@@ -937,6 +938,10 @@ PROCESS_ARGS:
{
$openssldir=$1;
}
+ elsif (/^--enginesdir=(.*)$/)
+ {
+ $enginesdir=$1;
+ }
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
@@ -1193,7 +1198,7 @@ chop $prefix if $prefix =~ /.\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
+$enginesdir="$prefix/lib/engines" if $enginesdir eq "";
print "IsMK1MF=$IsMK1MF\n";
@@ -1879,7 +1884,7 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{
- my $foo = "$prefix/$libdir/engines";
+ my $foo = "$enginesdir";
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
--- openssl-1.0.2/engines/Makefile.engines 2015-01-25 13:56:48.039706402 +0100
+++ openssl-1.0.2/engines/Makefile 2015-01-25 13:57:23.706518032 +0100
@@ -124,7 +124,7 @@ install:
esac; \
cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi

21
openssl-1.0.2-test-use-localhost.patch
View file

@ -1,21 +0,0 @@
diff -Naur openssl-1.0.2o.orig/ssl/ssltest.c openssl-1.0.2o/ssl/ssltest.c
--- openssl-1.0.2o.orig/ssl/ssltest.c 2018-03-31 19:02:09.054769078 +0300
+++ openssl-1.0.2o/ssl/ssltest.c 2018-03-31 19:02:09.070769368 +0300
@@ -1859,16 +1859,7 @@
#ifndef OPENSSL_NO_KRB5
if (c_ssl && c_ssl->kssl_ctx) {
- char localhost[MAXHOSTNAMELEN + 2];
-
- if (gethostname(localhost, sizeof(localhost) - 1) == 0) {
- localhost[sizeof(localhost) - 1] = '\0';
- if (strlen(localhost) == sizeof(localhost) - 1) {
- BIO_printf(bio_err, "localhost name too long\n");
- goto end;
- }
- kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost);
- }
+ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, "localhost");
}
#endif /* OPENSSL_NO_KRB5 */

27
openssl-1.0.2-x509.patch
View file

@ -1,27 +0,0 @@
--- openssl-1.0.2/crypto/x509/by_file.c.x509 2015-01-25 11:27:44.827662311 +0100
+++ openssl-1.0.2/crypto/x509/by_file.c 2015-01-25 13:46:01.748713008 +0100
@@ -152,9 +152,12 @@ int X509_load_cert_file(X509_LOOKUP *ctx
}
}
i = X509_STORE_add_cert(ctx->store_ctx, x);
- if (!i)
- goto err;
- count++;
+ /* ignore any problems with current certificate and
+ * continue with the next one */
+ if(i)
+ count++;
+ else
+ ERR_clear_error();
X509_free(x);
x = NULL;
}
@@ -167,7 +170,7 @@ int X509_load_cert_file(X509_LOOKUP *ctx
}
i = X509_STORE_add_cert(ctx->store_ctx, x);
if (!i)
- goto err;
+ ERR_clear_error();
ret = i;
} else {
X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);

85
openssl-1.0.2e-optflags.patch
View file

@ -1,85 +0,0 @@
--- openssl-1.0.2/Configure.optflags 2015-01-22 09:58:32.000000000 -0500
+++ openssl-1.0.2/Configure 2015-02-19 17:35:04.071328593 -0500
@@ -348,8 +348,8 @@ my %table=(
####
# *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:\$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc", "gcc:-DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#######################################################################
# Note that -march is not among compiler options in below linux-armv4
@@ -378,8 +378,8 @@ my %table=(
#
# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8
#
-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4", "gcc: \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aarch64","gcc: \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# Configure script adds minimally required -march for assembly support,
# if no -march was specified at command line. mips32 and mips64 below
# refer to contemporary MIPS Architecture specifications, MIPS32 and
@@ -388,20 +388,20 @@ my %table=(
"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### IA-32 targets...
-"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+"linux-ia32-icc", "icc:-DL_ENDIAN \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf", "gcc:-DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout", "gcc:-DL_ENDIAN \$(RPM_OPT_FLAGS) -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
####
-"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+"linux-generic64","gcc:\$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-ppc64le","gcc:-m64 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-x86_64-clang", "clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-icc", "icc:-DL_ENDIAN \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x32", "gcc:-mx32 -DL_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### So called "highgprs" target for z/Architecture CPUs
# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
@@ -419,12 +419,12 @@ my %table=(
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# it's a real mess with -mcpu=ultrasparc option under Linux, but
# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@@ -438,8 +438,8 @@ my %table=(
#
# <appro@fy.chalmers.se>
#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:$(RPM_OPT_FLAGS) -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:$(RPM_OPT_FLAGS) -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

930
openssl-1.0.2l-gost-engine.patch
View file

@ -1,930 +0,0 @@
diff -urN openssl-1.0.2l/crypto/asn1/a_mbstr.c openssl-1.0.2l-patched/crypto/asn1/a_mbstr.c
--- openssl-1.0.2l/crypto/asn1/a_mbstr.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/asn1/a_mbstr.c 2017-06-30 22:32:46.624534512 +1000
@@ -173,6 +173,8 @@
str_type = V_ASN1_PRINTABLESTRING;
else if (mask & B_ASN1_IA5STRING)
str_type = V_ASN1_IA5STRING;
+ else if (mask & B_ASN1_NUMERICSTRING)
+ str_type = V_ASN1_NUMERICSTRING;
else if (mask & B_ASN1_T61STRING)
str_type = V_ASN1_T61STRING;
else if (mask & B_ASN1_BMPSTRING) {
diff -urN openssl-1.0.2l/crypto/asn1/a_strnid.c openssl-1.0.2l-patched/crypto/asn1/a_strnid.c
--- openssl-1.0.2l/crypto/asn1/a_strnid.c 2017-05-25 22:54:38.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/asn1/a_strnid.c 2017-06-30 22:34:13.106542001 +1000
@@ -193,7 +193,10 @@
{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
- {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}
+ {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+ {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+ {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+ {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}
};
static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
diff -urN openssl-1.0.2l/crypto/cms/cms_sd.c openssl-1.0.2l-patched/crypto/cms/cms_sd.c
--- openssl-1.0.2l/crypto/cms/cms_sd.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/cms/cms_sd.c 2017-06-30 22:32:46.626534512 +1000
@@ -943,6 +943,8 @@
int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
{
if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+ || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+ || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
|| !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
|| !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
diff -urN openssl-1.0.2l/crypto/evp/evp.h openssl-1.0.2l-patched/crypto/evp/evp.h
--- openssl-1.0.2l/crypto/evp/evp.h 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/evp/evp.h 2017-06-30 22:32:46.627534512 +1000
@@ -423,6 +423,35 @@
# define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b
# define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c
+/*
+ * Russian GOST has some parameters defining its usage:
+ * S-blocks, key meshing, padding modes
+ */
+#define EVP_CTRL_GOST_PARAMS 0x1d
+#define EVP_CTRL_GOST_KEY_MESHING 0x1e
+#define EVP_CTRL_GOST_PADDING 0x1f
+
+/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */
+# define EVP_CTRL_SET_SBOX 0x1d
+/*
+ * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a
+ * pre-allocated buffer with specified size
+ */
+# define EVP_CTRL_SBOX_USED 0x1e
+/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after,
+ * 0 switches meshing off
+ */
+# define EVP_CTRL_KEY_MESH 0x1f
+/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */
+# define EVP_CTRL_BLOCK_PADDING_MODE 0x20
+
+/* Padding modes */
+#define EVP_PADDING_PKCS7 1
+#define EVP_PADDING_ISO7816_4 2
+#define EVP_PADDING_ANSI923 3
+#define EVP_PADDING_ISO10126 4
+#define EVP_PADDING_ZERO 5
+
/* RFC 5246 defines additional data to be 13 bytes in length */
# define EVP_AEAD_TLS1_AAD_LEN 13
diff -urN openssl-1.0.2l/crypto/evp/evp_pbe.c openssl-1.0.2l-patched/crypto/evp/evp_pbe.c
--- openssl-1.0.2l/crypto/evp/evp_pbe.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/evp/evp_pbe.c 2017-06-30 22:32:46.627534512 +1000
@@ -121,6 +121,10 @@
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
{EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
{EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
+ {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1,
+ NID_id_GostR3411_2012_256, 0},
+ {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1,
+ NID_id_GostR3411_2012_512, 0},
};
#ifdef TEST
diff -urN openssl-1.0.2l/crypto/objects/obj_dat.h openssl-1.0.2l-patched/crypto/objects/obj_dat.h
--- openssl-1.0.2l/crypto/objects/obj_dat.h 2017-05-25 22:55:20.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_dat.h 2017-06-30 22:32:46.631534513 +1000
@@ -62,12 +62,12 @@
* [including the GNU Public Licence.]
*/
-#define NUM_NID 958
-#define NUM_SN 951
-#define NUM_LN 951
-#define NUM_OBJ 890
+#define NUM_NID 1000
+#define NUM_SN 993
+#define NUM_LN 993
+#define NUM_OBJ 921
-static const unsigned char lvalues[6255]={
+static const unsigned char lvalues[6485]={
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -952,6 +952,37 @@
0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6221] OBJ_jurisdictionLocalityName */
0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6232] OBJ_jurisdictionStateOrProvinceName */
0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6243] OBJ_jurisdictionCountryName */
+0x2A,0x85,0x03,0x07,0x01, /* [6254] OBJ_id_tc26 */
+0x2A,0x85,0x03,0x07,0x01,0x01, /* [6259] OBJ_id_tc26_algorithms */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x01, /* [6265] OBJ_id_tc26_sign */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01, /* [6272] OBJ_id_GostR3410_2012_256 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02, /* [6280] OBJ_id_GostR3410_2012_512 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x02, /* [6288] OBJ_id_tc26_digest */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02, /* [6295] OBJ_id_GostR3411_2012_256 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03, /* [6303] OBJ_id_GostR3411_2012_512 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x03, /* [6311] OBJ_id_tc26_signwithdigest */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02, /* [6318] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03, /* [6326] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x04, /* [6334] OBJ_id_tc26_mac */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [6341] OBJ_id_tc26_hmac_gost_3411_2012_256 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [6349] OBJ_id_tc26_hmac_gost_3411_2012_512 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x05, /* [6357] OBJ_id_tc26_cipher */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x06, /* [6364] OBJ_id_tc26_agreement */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01, /* [6371] OBJ_id_tc26_agreement_gost_3410_2012_256 */
+0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02, /* [6379] OBJ_id_tc26_agreement_gost_3410_2012_512 */
+0x2A,0x85,0x03,0x07,0x01,0x02, /* [6387] OBJ_id_tc26_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01, /* [6393] OBJ_id_tc26_sign_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02, /* [6400] OBJ_id_tc26_gost_3410_2012_512_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00,/* [6408] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,/* [6417] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,/* [6426] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x02, /* [6435] OBJ_id_tc26_digest_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x05, /* [6442] OBJ_id_tc26_cipher_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01, /* [6449] OBJ_id_tc26_gost_28147_constants */
+0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,/* [6457] OBJ_id_tc26_gost_28147_param_Z */
+0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [6466] OBJ_INN */
+0x2A,0x85,0x03,0x64,0x01, /* [6474] OBJ_OGRN */
+0x2A,0x85,0x03,0x64,0x03, /* [6479] OBJ_SNILS */
};
static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2514,6 +2545,81 @@
NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0},
{"jurisdictionC","jurisdictionCountryName",
NID_jurisdictionCountryName,11,&(lvalues[6243]),0},
+{"id-tc26","id-tc26",NID_id_tc26,5,&(lvalues[6254]),0},
+{"gost89-cnt-12","gost89-cnt-12",NID_gost89_cnt_12,0,NULL,0},
+{"gost-mac-12","gost-mac-12",NID_gost_mac_12,0,NULL,0},
+{"id-tc26-algorithms","id-tc26-algorithms",NID_id_tc26_algorithms,6,
+ &(lvalues[6259]),0},
+{"id-tc26-sign","id-tc26-sign",NID_id_tc26_sign,7,&(lvalues[6265]),0},
+{"gost2012_256","GOST R 34.10-2012 with 256 bit modulus",
+ NID_id_GostR3410_2012_256,8,&(lvalues[6272]),0},
+{"gost2012_512","GOST R 34.10-2012 with 512 bit modulus",
+ NID_id_GostR3410_2012_512,8,&(lvalues[6280]),0},
+{"id-tc26-digest","id-tc26-digest",NID_id_tc26_digest,7,
+ &(lvalues[6288]),0},
+{"md_gost12_256","GOST R 34.11-2012 with 256 bit hash",
+ NID_id_GostR3411_2012_256,8,&(lvalues[6295]),0},
+{"md_gost12_512","GOST R 34.11-2012 with 512 bit hash",
+ NID_id_GostR3411_2012_512,8,&(lvalues[6303]),0},
+{"id-tc26-signwithdigest","id-tc26-signwithdigest",
+ NID_id_tc26_signwithdigest,7,&(lvalues[6311]),0},
+{"id-tc26-signwithdigest-gost3410-2012-256",
+ "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)",
+ NID_id_tc26_signwithdigest_gost3410_2012_256,8,&(lvalues[6318]),0},
+{"id-tc26-signwithdigest-gost3410-2012-512",
+ "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)",
+ NID_id_tc26_signwithdigest_gost3410_2012_512,8,&(lvalues[6326]),0},
+{"id-tc26-mac","id-tc26-mac",NID_id_tc26_mac,7,&(lvalues[6334]),0},
+{"id-tc26-hmac-gost-3411-2012-256","HMAC GOST 34.11-2012 256 bit",
+ NID_id_tc26_hmac_gost_3411_2012_256,8,&(lvalues[6341]),0},
+{"id-tc26-hmac-gost-3411-2012-512","HMAC GOST 34.11-2012 512 bit",
+ NID_id_tc26_hmac_gost_3411_2012_512,8,&(lvalues[6349]),0},
+{"id-tc26-cipher","id-tc26-cipher",NID_id_tc26_cipher,7,
+ &(lvalues[6357]),0},
+{"id-tc26-agreement","id-tc26-agreement",NID_id_tc26_agreement,7,
+ &(lvalues[6364]),0},
+{"id-tc26-agreement-gost-3410-2012-256",
+ "id-tc26-agreement-gost-3410-2012-256",
+ NID_id_tc26_agreement_gost_3410_2012_256,8,&(lvalues[6371]),0},
+{"id-tc26-agreement-gost-3410-2012-512",
+ "id-tc26-agreement-gost-3410-2012-512",
+ NID_id_tc26_agreement_gost_3410_2012_512,8,&(lvalues[6379]),0},
+{"id-tc26-constants","id-tc26-constants",NID_id_tc26_constants,6,
+ &(lvalues[6387]),0},
+{"id-tc26-sign-constants","id-tc26-sign-constants",
+ NID_id_tc26_sign_constants,7,&(lvalues[6393]),0},
+{"id-tc26-gost-3410-2012-512-constants",
+ "id-tc26-gost-3410-2012-512-constants",
+ NID_id_tc26_gost_3410_2012_512_constants,8,&(lvalues[6400]),0},
+{"id-tc26-gost-3410-2012-512-paramSetTest",
+ "GOST R 34.10-2012 (512 bit) testing parameter set",
+ NID_id_tc26_gost_3410_2012_512_paramSetTest,9,&(lvalues[6408]),0},
+{"id-tc26-gost-3410-2012-512-paramSetA",
+ "GOST R 34.10-2012 (512 bit) ParamSet A",
+ NID_id_tc26_gost_3410_2012_512_paramSetA,9,&(lvalues[6417]),0},
+{"id-tc26-gost-3410-2012-512-paramSetB",
+ "GOST R 34.10-2012 (512 bit) ParamSet B",
+ NID_id_tc26_gost_3410_2012_512_paramSetB,9,&(lvalues[6426]),0},
+{"id-tc26-digest-constants","id-tc26-digest-constants",
+ NID_id_tc26_digest_constants,7,&(lvalues[6435]),0},
+{"id-tc26-cipher-constants","id-tc26-cipher-constants",
+ NID_id_tc26_cipher_constants,7,&(lvalues[6442]),0},
+{"id-tc26-gost-28147-constants","id-tc26-gost-28147-constants",
+ NID_id_tc26_gost_28147_constants,8,&(lvalues[6449]),0},
+{"id-tc26-gost-28147-param-Z","GOST 28147-89 TC26 parameter set",
+ NID_id_tc26_gost_28147_param_Z,9,&(lvalues[6457]),0},
+{"INN","INN",NID_INN,8,&(lvalues[6466]),0},
+{"OGRN","OGRN",NID_OGRN,5,&(lvalues[6474]),0},
+{"SNILS","SNILS",NID_SNILS,5,&(lvalues[6479]),0},
+{"gost89-cbc","gost89-cbc",NID_gost89_cbc,0,NULL,0},
+{"gost89-ecb","gost89-ecb",NID_gost89_ecb,0,NULL,0},
+{"gost89-ctr","gost89-ctr",NID_gost89_ctr,0,NULL,0},
+{"grasshopper-ecb","grasshopper-ecb",NID_grasshopper_ecb,0,NULL,0},
+{"grasshopper-ctr","grasshopper-ctr",NID_grasshopper_ctr,0,NULL,0},
+{"grasshopper-ofb","grasshopper-ofb",NID_grasshopper_ofb,0,NULL,0},
+{"grasshopper-cbc","grasshopper-cbc",NID_grasshopper_cbc,0,NULL,0},
+{"grasshopper-cfb","grasshopper-cfb",NID_grasshopper_cfb,0,NULL,0},
+{"grasshopper-mac","grasshopper-mac",NID_grasshopper_mac,0,NULL,0},
};
static const unsigned int sn_objs[NUM_SN]={
@@ -2614,6 +2720,7 @@
35, /* "IDEA-CFB" */
36, /* "IDEA-ECB" */
46, /* "IDEA-OFB" */
+988, /* "INN" */
181, /* "ISO" */
183, /* "ISO-US" */
645, /* "ITU-T" */
@@ -2635,6 +2742,7 @@
17, /* "O" */
178, /* "OCSP" */
180, /* "OCSPSigning" */
+989, /* "OGRN" */
379, /* "ORG" */
18, /* "OU" */
749, /* "Oakley-EC2N-3" */
@@ -2700,6 +2808,7 @@
188, /* "SMIME" */
167, /* "SMIME-CAPS" */
100, /* "SN" */
+990, /* "SNILS" */
16, /* "ST" */
143, /* "SXNetID" */
458, /* "UID" */
@@ -2858,12 +2967,25 @@
156, /* "friendlyName" */
509, /* "generationQualifier" */
815, /* "gost-mac" */
+960, /* "gost-mac-12" */
811, /* "gost2001" */
851, /* "gost2001cc" */
+963, /* "gost2012_256" */
+964, /* "gost2012_512" */
813, /* "gost89" */
+991, /* "gost89-cbc" */
814, /* "gost89-cnt" */
+959, /* "gost89-cnt-12" */
+993, /* "gost89-ctr" */
+992, /* "gost89-ecb" */
812, /* "gost94" */
850, /* "gost94cc" */
+997, /* "grasshopper-cbc" */
+998, /* "grasshopper-cfb" */
+995, /* "grasshopper-ctr" */
+994, /* "grasshopper-ecb" */
+999, /* "grasshopper-mac" */
+996, /* "grasshopper-ofb" */
797, /* "hmacWithMD5" */
163, /* "hmacWithSHA1" */
798, /* "hmacWithSHA224" */
@@ -3115,6 +3237,30 @@
194, /* "id-smime-spq" */
250, /* "id-smime-spq-ets-sqt-unotice" */
249, /* "id-smime-spq-ets-sqt-uri" */
+958, /* "id-tc26" */
+975, /* "id-tc26-agreement" */
+976, /* "id-tc26-agreement-gost-3410-2012-256" */
+977, /* "id-tc26-agreement-gost-3410-2012-512" */
+961, /* "id-tc26-algorithms" */
+974, /* "id-tc26-cipher" */
+985, /* "id-tc26-cipher-constants" */
+978, /* "id-tc26-constants" */
+965, /* "id-tc26-digest" */
+984, /* "id-tc26-digest-constants" */
+986, /* "id-tc26-gost-28147-constants" */
+987, /* "id-tc26-gost-28147-param-Z" */
+980, /* "id-tc26-gost-3410-2012-512-constants" */
+982, /* "id-tc26-gost-3410-2012-512-paramSetA" */
+983, /* "id-tc26-gost-3410-2012-512-paramSetB" */
+981, /* "id-tc26-gost-3410-2012-512-paramSetTest" */
+972, /* "id-tc26-hmac-gost-3411-2012-256" */
+973, /* "id-tc26-hmac-gost-3411-2012-512" */
+971, /* "id-tc26-mac" */
+962, /* "id-tc26-sign" */
+979, /* "id-tc26-sign-constants" */
+968, /* "id-tc26-signwithdigest" */
+969, /* "id-tc26-signwithdigest-gost3410-2012-256" */
+970, /* "id-tc26-signwithdigest-gost3410-2012-512" */
676, /* "identified-organization" */
461, /* "info" */
748, /* "inhibitAnyPolicy" */
@@ -3140,6 +3286,8 @@
460, /* "mail" */
493, /* "mailPreferenceOption" */
467, /* "manager" */
+966, /* "md_gost12_256" */
+967, /* "md_gost12_512" */
809, /* "md_gost94" */
875, /* "member" */
182, /* "member-body" */
@@ -3497,12 +3645,22 @@
813, /* "GOST 28147-89" */
849, /* "GOST 28147-89 Cryptocom ParamSet" */
815, /* "GOST 28147-89 MAC" */
+987, /* "GOST 28147-89 TC26 parameter set" */
851, /* "GOST 34.10-2001 Cryptocom" */
850, /* "GOST 34.10-94 Cryptocom" */
811, /* "GOST R 34.10-2001" */
817, /* "GOST R 34.10-2001 DH" */
+982, /* "GOST R 34.10-2012 (512 bit) ParamSet A" */
+983, /* "GOST R 34.10-2012 (512 bit) ParamSet B" */
+981, /* "GOST R 34.10-2012 (512 bit) testing parameter set" */
+963, /* "GOST R 34.10-2012 with 256 bit modulus" */
+964, /* "GOST R 34.10-2012 with 512 bit modulus" */
+969, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */
+970, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */
812, /* "GOST R 34.10-94" */
818, /* "GOST R 34.10-94 DH" */
+966, /* "GOST R 34.11-2012 with 256 bit hash" */
+967, /* "GOST R 34.11-2012 with 512 bit hash" */
809, /* "GOST R 34.11-94" */
816, /* "GOST R 34.11-94 PRF" */
807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */
@@ -3510,12 +3668,15 @@
808, /* "GOST R 34.11-94 with GOST R 34.10-94" */
852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */
+972, /* "HMAC GOST 34.11-2012 256 bit" */
+973, /* "HMAC GOST 34.11-2012 512 bit" */
810, /* "HMAC GOST 34.11-94" */
432, /* "Hold Instruction Call Issuer" */
430, /* "Hold Instruction Code" */
431, /* "Hold Instruction None" */
433, /* "Hold Instruction Reject" */
634, /* "ICC or token signature" */
+988, /* "INN" */
294, /* "IPSec End System" */
295, /* "IPSec Tunnel" */
296, /* "IPSec User" */
@@ -3560,6 +3721,7 @@
366, /* "OCSP Nonce" */
371, /* "OCSP Service Locator" */
180, /* "OCSP Signing" */
+989, /* "OGRN" */
161, /* "PBES2" */
69, /* "PBKDF2" */
162, /* "PBMAC1" */
@@ -3573,6 +3735,7 @@
2, /* "RSA Data Security, Inc. PKCS" */
188, /* "S/MIME" */
167, /* "S/MIME Capabilities" */
+990, /* "SNILS" */
387, /* "SNMPv2" */
512, /* "Secure Electronic Transactions" */
386, /* "Security" */
@@ -3825,7 +3988,18 @@
509, /* "generationQualifier" */
601, /* "generic cryptogram" */
99, /* "givenName" */
+960, /* "gost-mac-12" */
+991, /* "gost89-cbc" */
814, /* "gost89-cnt" */
+959, /* "gost89-cnt-12" */
+993, /* "gost89-ctr" */
+992, /* "gost89-ecb" */
+997, /* "grasshopper-cbc" */
+998, /* "grasshopper-cfb" */
+995, /* "grasshopper-ctr" */
+994, /* "grasshopper-ecb" */
+999, /* "grasshopper-mac" */
+996, /* "grasshopper-ofb" */
855, /* "hmac" */
780, /* "hmac-md5" */
781, /* "hmac-sha1" */
@@ -4053,6 +4227,22 @@
194, /* "id-smime-spq" */
250, /* "id-smime-spq-ets-sqt-unotice" */
249, /* "id-smime-spq-ets-sqt-uri" */
+958, /* "id-tc26" */
+975, /* "id-tc26-agreement" */
+976, /* "id-tc26-agreement-gost-3410-2012-256" */
+977, /* "id-tc26-agreement-gost-3410-2012-512" */
+961, /* "id-tc26-algorithms" */
+974, /* "id-tc26-cipher" */
+985, /* "id-tc26-cipher-constants" */
+978, /* "id-tc26-constants" */
+965, /* "id-tc26-digest" */
+984, /* "id-tc26-digest-constants" */
+986, /* "id-tc26-gost-28147-constants" */
+980, /* "id-tc26-gost-3410-2012-512-constants" */
+971, /* "id-tc26-mac" */
+962, /* "id-tc26-sign" */
+979, /* "id-tc26-sign-constants" */
+968, /* "id-tc26-signwithdigest" */
34, /* "idea-cbc" */
35, /* "idea-cfb" */
36, /* "idea-ecb" */
@@ -4661,6 +4851,9 @@
639, /* OBJ_set_brand_JCB 2 23 42 8 35 */
805, /* OBJ_cryptopro 1 2 643 2 2 */
806, /* OBJ_cryptocom 1 2 643 2 9 */
+958, /* OBJ_id_tc26 1 2 643 7 1 */
+989, /* OBJ_OGRN 1 2 643 100 1 */
+990, /* OBJ_SNILS 1 2 643 100 3 */
184, /* OBJ_X9_57 1 2 840 10040 */
405, /* OBJ_ansi_X9_62 1 2 840 10045 */
389, /* OBJ_Enterprises 1 3 6 1 4 1 */
@@ -4745,6 +4938,8 @@
816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */
817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */
818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */
+961, /* OBJ_id_tc26_algorithms 1 2 643 7 1 1 */
+978, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */
1, /* OBJ_rsadsi 1 2 840 113549 */
185, /* OBJ_X9cm 1 2 840 10040 4 */
127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */
@@ -4795,6 +4990,15 @@
842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
+962, /* OBJ_id_tc26_sign 1 2 643 7 1 1 1 */
+965, /* OBJ_id_tc26_digest 1 2 643 7 1 1 2 */
+968, /* OBJ_id_tc26_signwithdigest 1 2 643 7 1 1 3 */
+971, /* OBJ_id_tc26_mac 1 2 643 7 1 1 4 */
+974, /* OBJ_id_tc26_cipher 1 2 643 7 1 1 5 */
+975, /* OBJ_id_tc26_agreement 1 2 643 7 1 1 6 */
+979, /* OBJ_id_tc26_sign_constants 1 2 643 7 1 2 1 */
+984, /* OBJ_id_tc26_digest_constants 1 2 643 7 1 2 2 */
+985, /* OBJ_id_tc26_cipher_constants 1 2 643 7 1 2 5 */
2, /* OBJ_pkcs 1 2 840 113549 1 */
431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */
432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
@@ -4846,6 +5050,19 @@
851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */
849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */
854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
+988, /* OBJ_INN 1 2 643 3 131 1 1 */
+963, /* OBJ_id_GostR3410_2012_256 1 2 643 7 1 1 1 1 */
+964, /* OBJ_id_GostR3410_2012_512 1 2 643 7 1 1 1 2 */
+966, /* OBJ_id_GostR3411_2012_256 1 2 643 7 1 1 2 2 */
+967, /* OBJ_id_GostR3411_2012_512 1 2 643 7 1 1 2 3 */
+969, /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */
+970, /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */
+972, /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */
+973, /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */
+976, /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */
+977, /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */
+980, /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */
+986, /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */
186, /* OBJ_pkcs1 1 2 840 113549 1 1 */
27, /* OBJ_pkcs3 1 2 840 113549 1 3 */
187, /* OBJ_pkcs5 1 2 840 113549 1 5 */
@@ -5013,6 +5230,10 @@
439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */
440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */
441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */
+981, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
+982, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
+983, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */
+987, /* OBJ_id_tc26_gost_28147_param_Z 1 2 643 7 1 2 5 1 1 */
108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */
112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */
782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */
diff -urN openssl-1.0.2l/crypto/objects/objects.txt openssl-1.0.2l-patched/crypto/objects/objects.txt
--- openssl-1.0.2l/crypto/objects/objects.txt 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/objects.txt 2017-06-30 22:32:46.633534513 +1000
@@ -1156,6 +1156,7 @@
member-body 643 2 2 : cryptopro
member-body 643 2 9 : cryptocom
+member-body 643 7 1 : id-tc26
cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001
cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94
@@ -1169,8 +1170,13 @@
!Cname id-Gost28147-89
cryptopro 21 : gost89 : GOST 28147-89
: gost89-cnt
+ : gost89-cnt-12
+ : gost89-cbc
+ : gost89-ecb
+ : gost89-ctr
!Cname id-Gost28147-89-MAC
cryptopro 22 : gost-mac : GOST 28147-89 MAC
+ : gost-mac-12
!Cname id-GostR3411-94-prf
cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF
cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH
@@ -1229,6 +1235,60 @@
cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom
+# TC26 GOST OIDs
+
+id-tc26 1 : id-tc26-algorithms
+id-tc26-algorithms 1 : id-tc26-sign
+!Cname id-GostR3410-2012-256
+id-tc26-sign 1 : gost2012_256: GOST R 34.10-2012 with 256 bit modulus
+!Cname id-GostR3410-2012-512
+id-tc26-sign 2 : gost2012_512: GOST R 34.10-2012 with 512 bit modulus
+
+id-tc26-algorithms 2 : id-tc26-digest
+!Cname id-GostR3411-2012-256
+id-tc26-digest 2 : md_gost12_256: GOST R 34.11-2012 with 256 bit hash
+!Cname id-GostR3411-2012-512
+id-tc26-digest 3 : md_gost12_512: GOST R 34.11-2012 with 512 bit hash
+
+id-tc26-algorithms 3 : id-tc26-signwithdigest
+id-tc26-signwithdigest 2: id-tc26-signwithdigest-gost3410-2012-256: GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)
+id-tc26-signwithdigest 3: id-tc26-signwithdigest-gost3410-2012-512: GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)
+
+id-tc26-algorithms 4 : id-tc26-mac
+id-tc26-mac 1 : id-tc26-hmac-gost-3411-2012-256 : HMAC GOST 34.11-2012 256 bit
+id-tc26-mac 2 : id-tc26-hmac-gost-3411-2012-512 : HMAC GOST 34.11-2012 512 bit
+
+id-tc26-algorithms 5 : id-tc26-cipher
+
+id-tc26-algorithms 6 : id-tc26-agreement
+id-tc26-agreement 1 : id-tc26-agreement-gost-3410-2012-256
+id-tc26-agreement 2 : id-tc26-agreement-gost-3410-2012-512
+
+id-tc26 2 : id-tc26-constants
+
+id-tc26-constants 1 : id-tc26-sign-constants
+id-tc26-sign-constants 2: id-tc26-gost-3410-2012-512-constants
+id-tc26-gost-3410-2012-512-constants 0 : id-tc26-gost-3410-2012-512-paramSetTest: GOST R 34.10-2012 (512 bit) testing parameter set
+id-tc26-gost-3410-2012-512-constants 1 : id-tc26-gost-3410-2012-512-paramSetA: GOST R 34.10-2012 (512 bit) ParamSet A
+id-tc26-gost-3410-2012-512-constants 2 : id-tc26-gost-3410-2012-512-paramSetB: GOST R 34.10-2012 (512 bit) ParamSet B
+
+id-tc26-constants 2 : id-tc26-digest-constants
+id-tc26-constants 5 : id-tc26-cipher-constants
+id-tc26-cipher-constants 1 : id-tc26-gost-28147-constants
+id-tc26-gost-28147-constants 1 : id-tc26-gost-28147-param-Z : GOST 28147-89 TC26 parameter set
+
+member-body 643 3 131 1 1 : INN : INN
+member-body 643 100 1 : OGRN : OGRN
+member-body 643 100 3 : SNILS : SNILS
+
+#GOST R34.13-2015 Grasshopper "Kuznechik"
+ : grasshopper-ecb
+ : grasshopper-ctr
+ : grasshopper-ofb
+ : grasshopper-cbc
+ : grasshopper-cfb
+ : grasshopper-mac
+
# Definitions for Camellia cipher - CBC MODE
1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc
diff -urN openssl-1.0.2l/crypto/objects/obj_mac.h openssl-1.0.2l-patched/crypto/objects/obj_mac.h
--- openssl-1.0.2l/crypto/objects/obj_mac.h 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_mac.h 2017-06-30 22:32:46.635534513 +1000
@@ -3678,6 +3678,10 @@
#define NID_cryptocom 806
#define OBJ_cryptocom OBJ_member_body,643L,2L,9L
+#define SN_id_tc26 "id-tc26"
+#define NID_id_tc26 958
+#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L
+
#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001"
#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001"
#define NID_id_GostR3411_94_with_GostR3410_2001 807
@@ -3716,11 +3720,26 @@
#define SN_gost89_cnt "gost89-cnt"
#define NID_gost89_cnt 814
+#define SN_gost89_cnt_12 "gost89-cnt-12"
+#define NID_gost89_cnt_12 959
+
+#define SN_gost89_cbc "gost89-cbc"
+#define NID_gost89_cbc 991
+
+#define SN_gost89_ecb "gost89-ecb"
+#define NID_gost89_ecb 992
+
+#define SN_gost89_ctr "gost89-ctr"
+#define NID_gost89_ctr 993
+
#define SN_id_Gost28147_89_MAC "gost-mac"
#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC"
#define NID_id_Gost28147_89_MAC 815
#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L
+#define SN_gost_mac_12 "gost-mac-12"
+#define NID_gost_mac_12 960
+
#define SN_id_GostR3411_94_prf "prf-gostr3411-94"
#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF"
#define NID_id_GostR3411_94_prf 816
@@ -3886,6 +3905,159 @@
#define NID_id_GostR3410_2001_ParamSet_cc 854
#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L
+#define SN_id_tc26_algorithms "id-tc26-algorithms"
+#define NID_id_tc26_algorithms 961
+#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L
+
+#define SN_id_tc26_sign "id-tc26-sign"
+#define NID_id_tc26_sign 962
+#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L
+
+#define SN_id_GostR3410_2012_256 "gost2012_256"
+#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus"
+#define NID_id_GostR3410_2012_256 963
+#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L
+
+#define SN_id_GostR3410_2012_512 "gost2012_512"
+#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus"
+#define NID_id_GostR3410_2012_512 964
+#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L
+
+#define SN_id_tc26_digest "id-tc26-digest"
+#define NID_id_tc26_digest 965
+#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L
+
+#define SN_id_GostR3411_2012_256 "md_gost12_256"
+#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash"
+#define NID_id_GostR3411_2012_256 966
+#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L
+
+#define SN_id_GostR3411_2012_512 "md_gost12_512"
+#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash"
+#define NID_id_GostR3411_2012_512 967
+#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L
+
+#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest"
+#define NID_id_tc26_signwithdigest 968
+#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256"
+#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_256 969
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512"
+#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_512 970
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L
+
+#define SN_id_tc26_mac "id-tc26-mac"
+#define NID_id_tc26_mac 971
+#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L
+
+#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256"
+#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_256 972
+#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L
+
+#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512"
+#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_512 973
+#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L
+
+#define SN_id_tc26_cipher "id-tc26-cipher"
+#define NID_id_tc26_cipher 974
+#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L
+
+#define SN_id_tc26_agreement "id-tc26-agreement"
+#define NID_id_tc26_agreement 975
+#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L
+
+#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256"
+#define NID_id_tc26_agreement_gost_3410_2012_256 976
+#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L
+
+#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512"
+#define NID_id_tc26_agreement_gost_3410_2012_512 977
+#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L
+
+#define SN_id_tc26_constants "id-tc26-constants"
+#define NID_id_tc26_constants 978
+#define OBJ_id_tc26_constants OBJ_id_tc26,2L
+
+#define SN_id_tc26_sign_constants "id-tc26-sign-constants"
+#define NID_id_tc26_sign_constants 979
+#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants"
+#define NID_id_tc26_gost_3410_2012_512_constants 980
+#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest"
+#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set"
+#define NID_id_tc26_gost_3410_2012_512_paramSetTest 981
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA"
+#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_512_paramSetA 982
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB"
+#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_512_paramSetB 983
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L
+
+#define SN_id_tc26_digest_constants "id-tc26-digest-constants"
+#define NID_id_tc26_digest_constants 984
+#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L
+
+#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants"
+#define NID_id_tc26_cipher_constants 985
+#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L
+
+#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants"
+#define NID_id_tc26_gost_28147_constants 986
+#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L
+
+#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z"
+#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set"
+#define NID_id_tc26_gost_28147_param_Z 987
+#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L
+
+#define SN_INN "INN"
+#define LN_INN "INN"
+#define NID_INN 988
+#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L
+
+#define SN_OGRN "OGRN"
+#define LN_OGRN "OGRN"
+#define NID_OGRN 989
+#define OBJ_OGRN OBJ_member_body,643L,100L,1L
+
+#define SN_SNILS "SNILS"
+#define LN_SNILS "SNILS"
+#define NID_SNILS 990
+#define OBJ_SNILS OBJ_member_body,643L,100L,3L
+
+#define SN_grasshopper_ecb "grasshopper-ecb"
+#define NID_grasshopper_ecb 994
+
+#define SN_grasshopper_ctr "grasshopper-ctr"
+#define NID_grasshopper_ctr 995
+
+#define SN_grasshopper_ofb "grasshopper-ofb"
+#define NID_grasshopper_ofb 996
+
+#define SN_grasshopper_cbc "grasshopper-cbc"
+#define NID_grasshopper_cbc 997
+
+#define SN_grasshopper_cfb "grasshopper-cfb"
+#define NID_grasshopper_cfb 998
+
+#define SN_grasshopper_mac "grasshopper-mac"
+#define NID_grasshopper_mac 999
+
#define SN_camellia_128_cbc "CAMELLIA-128-CBC"
#define LN_camellia_128_cbc "camellia-128-cbc"
#define NID_camellia_128_cbc 751
diff -urN openssl-1.0.2l/crypto/objects/obj_mac.num openssl-1.0.2l-patched/crypto/objects/obj_mac.num
--- openssl-1.0.2l/crypto/objects/obj_mac.num 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_mac.num 2017-06-30 22:32:46.636534513 +1000
@@ -955,3 +955,45 @@
jurisdictionLocalityName 955
jurisdictionStateOrProvinceName 956
jurisdictionCountryName 957
+id_tc26 958
+gost89_cnt_12 959
+gost_mac_12 960
+id_tc26_algorithms 961
+id_tc26_sign 962
+id_GostR3410_2012_256 963
+id_GostR3410_2012_512 964
+id_tc26_digest 965
+id_GostR3411_2012_256 966
+id_GostR3411_2012_512 967
+id_tc26_signwithdigest 968
+id_tc26_signwithdigest_gost3410_2012_256 969
+id_tc26_signwithdigest_gost3410_2012_512 970
+id_tc26_mac 971
+id_tc26_hmac_gost_3411_2012_256 972
+id_tc26_hmac_gost_3411_2012_512 973
+id_tc26_cipher 974
+id_tc26_agreement 975
+id_tc26_agreement_gost_3410_2012_256 976
+id_tc26_agreement_gost_3410_2012_512 977
+id_tc26_constants 978
+id_tc26_sign_constants 979
+id_tc26_gost_3410_2012_512_constants 980
+id_tc26_gost_3410_2012_512_paramSetTest 981
+id_tc26_gost_3410_2012_512_paramSetA 982
+id_tc26_gost_3410_2012_512_paramSetB 983
+id_tc26_digest_constants 984
+id_tc26_cipher_constants 985
+id_tc26_gost_28147_constants 986
+id_tc26_gost_28147_param_Z 987
+INN 988
+OGRN 989
+SNILS 990
+gost89_cbc 991
+gost89_ecb 992
+gost89_ctr 993
+grasshopper_ecb 994
+grasshopper_ctr 995
+grasshopper_ofb 996
+grasshopper_cbc 997
+grasshopper_cfb 998
+grasshopper_mac 999
diff -urN openssl-1.0.2l/crypto/objects/obj_xref.h openssl-1.0.2l-patched/crypto/objects/obj_xref.h
--- openssl-1.0.2l/crypto/objects/obj_xref.h 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_xref.h 2017-06-30 22:32:46.636534513 +1000
@@ -56,6 +56,10 @@
NID_dh_cofactor_kdf},
{NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512,
NID_dh_cofactor_kdf},
+ {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_GostR3411_2012_256,
+ NID_id_GostR3410_2012_256},
+ {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512,
+ NID_id_GostR3410_2012_512},
};
static const nid_triple *const sigoid_srt_xref[] = {
@@ -96,4 +100,6 @@
&sigoid_srt[26],
&sigoid_srt[27],
&sigoid_srt[28],
+ &sigoid_srt[40],
+ &sigoid_srt[41],
};
diff -urN openssl-1.0.2l/crypto/objects/obj_xref.txt openssl-1.0.2l-patched/crypto/objects/obj_xref.txt
--- openssl-1.0.2l/crypto/objects/obj_xref.txt 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/objects/obj_xref.txt 2017-06-30 22:32:46.637534513 +1000
@@ -44,6 +44,8 @@
id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94
id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc
id_GostR3411_94_with_GostR3410_2001_cc id_GostR3411_94 id_GostR3410_2001_cc
+id_tc26_signwithdigest_gost3410_2012_256 id_GostR3411_2012_256 id_GostR3410_2012_256
+id_tc26_signwithdigest_gost3410_2012_512 id_GostR3411_2012_512 id_GostR3410_2012_512
# ECDH KDFs and their corresponding message digests and schemes
dhSinglePass_stdDH_sha1kdf_scheme sha1 dh_std_kdf
dhSinglePass_stdDH_sha224kdf_scheme sha224 dh_std_kdf
diff -urN openssl-1.0.2l/crypto/pkcs12/p12_mutl.c openssl-1.0.2l-patched/crypto/pkcs12/p12_mutl.c
--- openssl-1.0.2l/crypto/pkcs12/p12_mutl.c 2017-05-25 22:54:38.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/pkcs12/p12_mutl.c 2017-06-30 22:32:46.637534513 +1000
@@ -65,6 +65,28 @@
# include <openssl/rand.h>
# include <openssl/pkcs12.h>
+# define TK26_MAC_KEY_LEN 32
+
+static int PKCS12_gen_gost_mac_key(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen,
+ int iter, const EVP_MD *digest, int keylen,
+ unsigned char *key)
+{
+ unsigned char out[96];
+
+ if (keylen != TK26_MAC_KEY_LEN) {
+ return 0;
+ }
+
+ if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
+ digest, 96, out)) {
+ return 0;
+ }
+ memcpy(key, out + 64, TK26_MAC_KEY_LEN);
+ OPENSSL_cleanse(out, 96);
+ return 1;
+}
+
/* Generate a MAC */
int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
unsigned char *mac, unsigned int *maclen)
@@ -73,7 +95,7 @@
HMAC_CTX hmac;
unsigned char key[EVP_MAX_MD_SIZE], *salt;
int saltlen, iter;
- int md_size;
+ int md_size = 0;
if (!PKCS7_type_is_data(p12->authsafes)) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
@@ -93,8 +115,19 @@
md_size = EVP_MD_size(md_type);
if (md_size < 0)
return 0;
- if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
- md_size, key, md_type)) {
+ if ((md_type->type == NID_id_GostR3411_94
+ || md_type->type == NID_id_GostR3411_2012_256
+ || md_type->type == NID_id_GostR3411_2012_512)
+ && !getenv("LEGACY_GOST_PKCS12")) {
+ md_size = TK26_MAC_KEY_LEN;
+ if (!PKCS12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
+ md_type, md_size, key)) {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+ return 0;
+ }
+ } else
+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
+ md_size, key, md_type)) {
PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
return 0;
}
diff -urN openssl-1.0.2l/crypto/pkcs7/pk7_smime.c openssl-1.0.2l-patched/crypto/pkcs7/pk7_smime.c
--- openssl-1.0.2l/crypto/pkcs7/pk7_smime.c 2017-05-25 22:54:34.134746123 +1000
+++ openssl-1.0.2l-patched/crypto/pkcs7/pk7_smime.c 2017-06-30 22:32:46.637534513 +1000
@@ -185,6 +185,8 @@
goto err;
}
if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+ || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+ || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
|| !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
|| !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
|| !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)

61
openssl-1.0.2l-icpbrasil.patch
View file

@ -1,61 +0,0 @@
diff -aur openssl-1.0.2l/crypto/x509v3/v3_alt.c openssl-1.0.2l_patched/crypto/x509v3/v3_alt.c
--- openssl-1.0.2l/crypto/x509v3/v3_alt.c 2017-05-25 14:54:38.000000000 +0200
+++ openssl-1.0.2l_patched/crypto/x509v3/v3_alt.c 2017-05-26 08:33:41.285793387 +0200
@@ -116,9 +116,57 @@
{
unsigned char *p;
char oline[256], htmp[5];
+
+ int rc = 0;
+
+ /* see http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
+ * for the OID definitions and more details
+ * All content is ASN.1 OCTET STRING
+ */
+ /* person related */
+ const char oid_id_pf[] = "2.16.76.1.3.1"; /* person identification data as follows:
+ * birth date: ddmmyyyy (8)
+ * CPF number: (11)
+ * PIS/PASEP number: (11)
+ * RG number: (11)
+ * RG emmitter and state: (6)
+ */
+ const char oid_el_pf[] = "2.16.76.1.3.5"; /* Electoral data:
+ * card number: (11)
+ * electoral zone: (3)
+ * electoral section: (4)
+ * city and state: (22)
+ */
+ /* company related */
+ const char oid_pj_id1[] = "2.16.76.1.3.4"; /* info about the person responsible for the company's certificate:
+ * birth date: ddmmyyyy (8)
+ * CPF number: (11)
+ * PIS/PASEP number: (11)
+ * RG number: (11)
+ * RG emitter and state: (6)
+ */
+ const char oid_pj_name[] = "2.16.76.1.3.2"; /* Name of the person responsible for the company's certificate */
+ const char oid_pj_cnpj[] = "2.16.76.1.3.3"; /* CNPJ number of the company*/
+
int i;
switch (gen->type) {
case GEN_OTHERNAME:
+ rc = OBJ_obj2txt(oline, sizeof(oline), gen->d.otherName->type_id, 1);
+ if (rc)
+ if ((!strncmp(oline, oid_id_pf, sizeof(oid_id_pf))) ||
+ (!strncmp(oline, oid_el_pf, sizeof(oid_el_pf))) ||
+ (!strncmp(oline, oid_pj_id1, sizeof(oid_pj_id1))) ||
+ (!strncmp(oline, oid_pj_name, sizeof(oid_pj_name))) ||
+ (!strncmp(oline, oid_pj_cnpj, sizeof(oid_pj_cnpj))))
+ /* FIXME: is that string always null terminated? */
+ if (!X509V3_add_value("othername", gen->d.otherName->value->value.octet_string->data, &ret))
+ return NULL;
+ else
+ if (!X509V3_add_value("othername","<unsupported>", &ret))
+ return NULL;
+ else
+ if (!X509V3_add_value("othername","<unsupported>", &ret))
+ return NULL;
if (!X509V3_add_value("othername", "<unsupported>", &ret))
return NULL;
break;

30
openssl-alt-e2k-makecontext.patch Normal file
View file

@ -0,0 +1,30 @@
diff --git a/openssl/crypto/async/arch/async_posix.c b/openssl/crypto/async/arch/async_posix.c
index 02c342d..a11f451 100644
--- a/crypto/async/arch/async_posix.c
+++ b/crypto/async/arch/async_posix.c
@@ -40,8 +40,15 @@ int async_fibre_makecontext(async_fibre *fibre)
if (fibre->fibre.uc_stack.ss_sp != NULL) {
fibre->fibre.uc_stack.ss_size = STACKSIZE;
fibre->fibre.uc_link = NULL;
+#ifndef __e2k__
makecontext(&fibre->fibre, async_start_func, 0);
return 1;
+#else
+ if (makecontext_e2k(&fibre->fibre, async_start_func, 0))
+ return 1;
+ else
+ return 0;
+#endif
}
} else {
fibre->fibre.uc_stack.ss_sp = NULL;
@@ -53,6 +60,9 @@ void async_fibre_free(async_fibre *fibre)
{
OPENSSL_free(fibre->fibre.uc_stack.ss_sp);
fibre->fibre.uc_stack.ss_sp = NULL;
+#ifdef __e2k__
+ freecontext_e2k(&fibre->fibre);
+#endif
}
#endif

1
openssl.macros
View file

@ -1 +0,0 @@
%_openssldir @OPENSSLDIR@

307
openssl.spec
View file

@ -1,74 +1,56 @@
%define major 1.0.0
%define major 1.1
%define engines_name %mklibname openssl-engines %{major}
%define libcrypto %mklibname crypto %{major}
%define libssl %mklibname ssl %{major}
%define devname %mklibname openssl -d
%define staticname %mklibname openssl -s -d
# patchelf 0.9 is buggy so compat libraries are experimental for now
%bcond_without compat
%define major_compat 10
%define libcrypto_compat %mklibname crypto %{major_compat}
%define libssl_compat %mklibname ssl %{major_compat}
%define conflict2 %mklibname openssl 0.9.8
# Number of threads to spawn when testing some threading fixes.
#define thread_test_threads %%{?threads:%%{threads}}%%{!?threads:1}
%define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0}
# This directory is defined in /usr/bin/openssl-config and %%_rpmmacrodir/*openssl*
# during the build.
# The purpose is a system-wide definition of this directory
# to guarantee consistency across the whole repository.
%define _openssldir %{_sysconfdir}/pki/tls
%define openssl_engines_dir %{_libdir}/engines-%{major}
%define _docs %{expand:
%doc AUTHORS \
%doc CHANGES \
%doc LICENSE \
%doc FAQ \
%doc NEWS \
%doc README \
%doc README.ENGINE
}
Summary: Secure Sockets Layer communications libs & utils
Name: openssl
Version: 1.0.2u
Release: 4
License: BSD-like
Version: 1.1.1g
Release: 1
License: OpenSSL
Group: System/Libraries
Url: https://www.openssl.org
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Source1: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc
Source2: Makefile.certificate
Source3: make-dummy-cert
Source4: openssl-thread-test.c
Source5: openssl-config
Source6: openssl.macros
# Based on https://github.com/gost-engine/engine
# Never remove gost-engine patches
Patch0: openssl-1.0.2l-gost-engine.patch
# Backport GOST 2015 identificators and GOST OIDs for Edwards parameter sets
Patch1: openssl-1.0.2-Backport-GOST-2015-identificators-and-GOST-OIDs-for-.patch
# Handle RPM_OPT_FLAGS in Configure
Patch2: openssl-1.0.2e-optflags.patch
Patch3: openssl-1.0.1c-fix-perlpath.pl
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
Patch6: openssl-1.0.2l-icpbrasil.patch
Patch7: openssl-1.0.2-defaults.patch
Patch12: openssl-1.0.2-x509.patch
Patch13: openssl-1.0.2-add-engines.patch
Patch302: openssl-1.0.2-enginesdir.patch
Patch303: openssl-0.9.8a-no-rpath.patch
Patch304: openssl-1.0.2-test-use-localhost.patch
Patch1: openssl-alt-e2k-makecontext.patch
BuildRequires: bc
%if %{with compat}
# readelf is used to produce libcrypto.so.10 and libssl.so.10
# needed for compatibility with Fedora/RHEL (Viber etc)
BuildRequires: patchelf >= 0.10-0.20170615.2
%endif
%{?_with_krb5:BuildRequires: krb5-devel}
BuildRequires: sctp-devel
BuildRequires: pkgconfig(zlib)
# for %%check, ./test/run_tests.pl
BuildRequires: perl-devel
BuildRequires: perl-Module-Load-Conditional
BuildRequires: perl(File::Spec::Functions)
BuildRequires: perl(File::Basename)
BuildRequires: perl(FindBin)
BuildRequires: perl(Test::Harness)
BuildRequires: perl(Test::More)
Requires: %{engines_name} = %{EVRD}
Requires: perl-base
Requires: rootcerts
Provides: /usr/bin/openssl
Provides: openssl-config
Provides: openssl%{major} = %{EVRD}
Provides: openssl-config = %{EVRD}
%description
The openssl certificate management tool and the shared libraries that provide
@ -76,8 +58,7 @@ various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL.
%files
%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README*
%doc README README.ASN1 README.ENGINE
%_docs
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
@ -87,11 +68,13 @@ RSA and SSL.
%dir %{_openssldir}/private
%dir %{_openssldir}/rootcerts
%attr(0644,root,root) %config(noreplace) %{_openssldir}/openssl.cnf
%attr(0644,root,root) %config(noreplace) %{_openssldir}/ct_log_list.cnf
%attr(0755,root,root) %{_openssldir}/certs/make-dummy-cert
%attr(0644,root,root) %{_openssldir}/certs/Makefile
%attr(0755,root,root) %{_openssldir}/misc/*
%attr(0755,root,root) %{_bindir}/*
%attr(0644,root,root) %{_mandir}/man[157]/*
%{_defaultdocdir}/openssl/html/man[157]
#----------------------------------------------------------------------------
@ -99,24 +82,14 @@ RSA and SSL.
Summary: Engines for openssl
Group: System/Libraries
Provides: openssl-engines = %{EVRD}
# libgost.so was moved to openssl-gost-engine
%if %rpm5
Requires: %{_lib}openssl-gost-engine%{major}
%else
# We must keep openssl-gost-engine preinstalled in rpm5 platforms.
# But dnf installs recommended deps in more cases then urpmi,
# So let's let users remove gost-engine if needed.
Recommends: %{_lib}openssl-gost-engine%{major}
%endif
%description -n %{engines_name}
This package provides engines for openssl.
%files -n %{engines_name}
%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README*
%doc README README.ASN1 README.ENGINE
%attr(0755,root,root) %dir %{_libdir}/openssl-%{major}/engines
%attr(0755,root,root) %{_libdir}/openssl-%{major}/engines/*.so
%_docs
%attr(0755,root,root) %dir %{openssl_engines_dir}/
%attr(0755,root,root) %{openssl_engines_dir}/*.so
#----------------------------------------------------------------------------
@ -130,7 +103,7 @@ The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libcrypto}
%doc FAQ LICENSE NEWS PROBLEMS README*
%_docs
%{_libdir}/libcrypto.so.%{major}*
#----------------------------------------------------------------------------
@ -138,20 +111,13 @@ and protocols, including DES, RC4, RSA and SSL.
%package -n %{libssl}
Summary: Secure Sockets Layer communications libs
Group: System/Libraries
Conflicts: %{_lib}openssl1.0.0 < 1.0.1n
Obsoletes: %{_lib}openssl1.0.0 < 1.0.1n
# needed to avoid undefined symbols in rpm (rpm depends on neon library)
Conflicts: %{_lib}neon0.27 < 0.30.1
# needed to avoid undefined symbols in curl and wget as they block update
Conflicts: curl < 1:7.47.1
Conflicts: wget < 1.17.1
%description -n %{libssl}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libssl}
%doc FAQ LICENSE NEWS PROBLEMS README*
%_docs
%{_libdir}/libssl.so.%{major}*
#----------------------------------------------------------------------------
@ -161,7 +127,7 @@ Summary: Secure Sockets Layer communications libs & headers & utils
Group: Development/Other
Requires: %{libssl} = %{EVRD}
Requires: %{libcrypto} = %{EVRD}
Provides: libopenssl-devel
Provides: libopenssl-devel = %{EVRD}
Provides: %{name}-devel = %{EVRD}
%description -n %{devname}
@ -170,12 +136,13 @@ for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.
%files -n %{devname}
%doc CHANGES doc/* devel-doc-info/README*
%_docs
%dir %{_includedir}/openssl
%{_includedir}/openssl/*
%{_libdir}/libcrypto.so
%{_libdir}/libssl.so
%{_mandir}/man3/*
%{_defaultdocdir}/openssl/html/man3
%{_libdir}/pkgconfig/*
%{_rpmmacrodir}/*openssl*
@ -185,7 +152,7 @@ and SSL.
Summary: Secure Sockets Layer communications static libs
Group: Development/Other
Requires: %{devname} = %{EVRD}
Provides: libopenssl-static-devel
Provides: libopenssl-static-devel = %{EVRD}
Provides: %{name}-static-devel = %{EVRD}
%description -n %{staticname}
@ -193,64 +160,13 @@ The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
%files -n %{staticname}
%doc FAQ LICENSE NEWS PROBLEMS main-doc-info/README*
%doc README README.ASN1 README.ENGINE
%_docs
%attr(0644,root,root) %{_libdir}/lib*.a
#----------------------------------------------------------------------------
%if %{with compat}
%package -n %{libcrypto_compat}
Summary: Secure Sockets Layer communications libs (Fedora compatibility only)
Group: System/Libraries
%description -n %{libcrypto_compat}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libcrypto_compat}
%doc FAQ LICENSE NEWS PROBLEMS README*
%{_libdir}/libcrypto.so.%{major_compat}*
%endif
#----------------------------------------------------------------------------
%if %{with compat}
%package -n %{libssl_compat}
Summary: Secure Sockets Layer communications libs (Fedora compatibility only)
Group: System/Libraries
%description -n %{libssl_compat}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.
%files -n %{libssl_compat}
%doc FAQ LICENSE NEWS PROBLEMS README*
%{_libdir}/libssl.so.%{major_compat}*
%endif
#----------------------------------------------------------------------------
%prep
%setup -q
%patch0 -p1 -b .gost
%patch1 -p1
%patch2 -p1 -b .optflags
%patch3 -p1 -b .perl
%patch6 -p1 -b .icpbrasil
%patch7 -p1 -b .defaults
%{?_with_krb5:%patch8 -p1 -b .krb5}
%patch12 -p1 -b .x509
%patch13 -p1 -b .version-add-engines
%patch302 -p1 -b .engines
%patch303 -p1 -b .no-rpath
%patch304 -p1 -b .test-use-localhost
perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile
# fix perl path
perl util/perlpath.pl %{_bindir}/perl
%autosetup -p1
cp %{SOURCE2} Makefile.certificate
cp %{SOURCE3} make-dummy-cert
@ -271,54 +187,63 @@ fi
%ifarch %{arm}
sslarch=linux-generic32
%endif
# from ALT
%ifarch riscv64 %{e2k}
sslarch=linux-generic64
%endif
# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree. Override OpenSSL defaults with known-good defaults
# usable on all platforms. The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
--openssldir=%{_openssldir} ${sslflags} \
--enginesdir=%{_libdir}/openssl-%{major}/engines \
--prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \
zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms enable-md2 sctp shared ${sslarch}
--prefix=%{_prefix} \
--libdir=%{_libdir} \
--openssldir=%{_openssldir} \
${sslflags} \
enable-camellia \
enable-cms \
enable-md2 \
enable-rc5 \
enable-rfc3779 \
enable-sctp \
enable-seed \
enable-ssl3 \
enable-ssl3-method \
no-ec2m \
no-mdc2 \
no-srp \
zlib-dynamic \
shared \
${sslarch}
# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
RPM_OPT_FLAGS="%{optflags} -Wa,--noexecstack"
make depend
make all build-shared
# Generate hashes for the included certs.
make rehash build-shared
%make all
%check
# Verify that what was compiled actually works.
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
# from OMV and ALT
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
export OPENSSL_SYSTEM_CIPHERS_OVERRIDE
# (mikhailnov) TODO: they fail, fix them?!
rm -f test/recipes/10-test_bn.t
rm -f test/recipes/80-test_ssl_new.t
make test
make -C test apps tests
gcc -o openssl-thread-test \
%{?_with_krb5:`krb5-config --cflags`} \
%__cc -o openssl-thread-test \
-I./include \
%{optflags} \
openssl-thread-test.c \
-L. -lssl -lcrypto \
%{?_with_krb5:`krb5-config --libs`} \
-lpthread -lz -ldl
./openssl-thread-test --threads %{thread_test_threads}
./openssl-thread-test --threads 4
%install
%makeinstall \
INSTALL_PREFIX=%{buildroot} \
MANDIR=%{_mandir} \
build-shared
# the makefiles is too borked...
install -d %{buildroot}%{_libdir}/openssl-%{major}
mv %{buildroot}%{_libdir}/engines %{buildroot}%{_libdir}/openssl-%{major}/engines
%makeinstall_std
# make the rootcerts dir
install -d %{buildroot}%{_openssldir}/rootcerts
@ -330,7 +255,7 @@ install -m0644 Makefile.certificate %{buildroot}%{_openssldir}/certs/Makefile
install -m0755 make-dummy-cert %{buildroot}%{_openssldir}/certs/make-dummy-cert
# Pick a CA script.
mv %{buildroot}%{_openssldir}/misc/CA.sh %{buildroot}%{_openssldir}/misc/CA
mv %{buildroot}%{_openssldir}/misc/CA.pl %{buildroot}%{_openssldir}/misc/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private
@ -338,54 +263,36 @@ install -d %{buildroot}%{_sysconfdir}/pki/CA/private
# openssl was named ssleay in "ancient" times.
ln -snf openssl %{buildroot}%{_bindir}/ssleay
# The man pages rand.3 and passwd.1 conflict with other packages
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-*
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1
ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension}
ln -snf openssl %{buildroot}%{_bindir}/openssl%{major}
for i in rand err; do
mv %{buildroot}%{_mandir}/man3/$i.3 %{buildroot}%{_mandir}/man3/ssl-$i.3
ln -snf ssl-$i.3%{_extension} %{buildroot}%{_mandir}/man3/openssl-$i.3%{_extension}
# From ALT Linux
# Rename some man pages, fix references.
for f in passwd.1 config.5; do
name="${f%%.*}"
sect="${f##*.}"
NAME=`printf %%s "$name" |tr '[:lower:]' '[:upper:]'`
sed -i "s/\\<$NAME $sect\\>/SSL&/" %{buildroot}%{_mandir}/man"$sect/$f"
mv -v %{buildroot}%{_mandir}/man"$sect"/{,ssl}"$f"
find %{buildroot}%{_mandir} -type f -print0 |
xargs -r0 grep -FZl "\\fI$name\\fR\\|($sect)" -- |
xargs -r0 subst -p "s/\\\\fI$name\\\\fR\\\\|($sect)/\\\\fIssl$name\\\\fR\\\\|($sect)/" --
find %{buildroot}%{_mandir} -type l |while read link; do
[ "$(readlink -n "$link")" = "$f" ] || continue
ln -sfv "ssl$f" "$link"
done
done
rm -rf {main,devel}-doc-info
mkdir -p {main,devel}-doc-info
cat - << EOF > main-doc-info/README.Mandriva-manpage
Warning:
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1
to avoid a conflict with passwd.1 man page from the package passwd.
EOF
cat - << EOF > devel-doc-info/README.Mandriva-manpage
Warning:
The man page of rand, rand.3, has been renamed to ssl-rand.3
to avoid a conflict with rand.3 from the package man-pages
The man page of err, err.3, has been renamed to ssl-err.3
to avoid a conflict with err.3 from the package man-pages
EOF
chmod 755 %{buildroot}%{_libdir}/pkgconfig
# strip cannot touch these unless 755
chmod 755 %{buildroot}%{_libdir}/openssl-%{major}/engines/*.so*
chmod 755 %{buildroot}%{openssl_engines_dir}/*.so*
chmod 755 %{buildroot}%{_libdir}/*.so*
chmod 755 %{buildroot}%{_bindir}/*
%if %{with compat}
# RHEL/Fedora compatibility libraries
cp %{buildroot}%{_libdir}/libcrypto.so.%{major} %{buildroot}%{_libdir}/libcrypto.so.%{major_compat}
cp %{buildroot}%{_libdir}/libssl.so.%{major} %{buildroot}%{_libdir}/libssl.so.%{major_compat}
patchelf --set-soname libcrypto.so.%{major_compat} %{buildroot}%{_libdir}/libcrypto.so.%{major_compat}
patchelf --set-soname libssl.so.%{major_compat} %{buildroot}%{_libdir}/libssl.so.%{major_compat}
%endif
# nuke a mistake
rm -f %{buildroot}%{_mandir}/man3/.3
# Fix libdir.
pushd %{buildroot}%{_libdir}/pkgconfig
for i in *.pc ; do
sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \
sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_libdir},g' \
$i >$i.tmp && \
cat $i.tmp >$i && \
rm -f $i.tmp
@ -397,6 +304,9 @@ perl -pi -e "s|^CATOP=.*|CATOP=%{_openssldir}|g" %{buildroot}%{_openssldir}/misc
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_openssldir}\";|g" %{buildroot}%{_openssldir}/misc/CA.pl
perl -pi -e "s|\./demoCA|%{_openssldir}|g" %{buildroot}%{_openssldir}/openssl.cnf
# remove example configs
rm -fv %{buildroot}%{_openssldir}/*.dist
# install openssl-config
install -m0755 %{SOURCE5} %{buildroot}/%{_bindir}/
# define values in openssl-config
@ -409,11 +319,14 @@ sed -i %{buildroot}/%{_bindir}/openssl-config \
# test openssl-config
[ "$(%{buildroot}/%{_bindir}/openssl-config --openssldir)" = '%{_openssldir}' ]
# make and install openssl.macros
cat %{SOURCE6} | sed -e "s#@OPENSSLDIR@#%{_openssldir}#g" > macros_file
%install_macro openssl macros_file
# verify openssl.macros
grep -q '%{_openssldir}' %{buildroot}%{_rpmmacrodir}/*openssl*
# is now built in openssl-gost-engines
rm -fv %{buildroot}%{_libdir}/openssl-%{major}/engines/libgost.so
# Having sovers as macros may be useful to check that binaries are linked against OpenSSL
# Alike LibreSSL package
cat << EOF > macros.file
%%_openssldir %{_openssldir}
%%openssl_version %{version}
%%openssl_libcrypto_sover %{major}
%%openssl_libssl_sover %{major}
%%openssl_prefix %{_prefix}
%%openssl_engines_dir %{openssl_engines_dir}
EOF
%install_macro openssl macros.file